
Issue 767382


Issue metadata

Status: WontFix
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security




CVE-2017-13693 CrOS: Vulnerability reported in Linux kernel

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 21 2017

Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. 

Advisory: CVE-2017-13693
  Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-13693
  CVSS severity score: 4.9/10.0
  Description:

The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.



This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.

 

Comment 1 by groeck@chromium.org, Sep 21 2017

Labels: Security_Severity-Low Security_Impact-Stable M-63 Pri-2
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
https://patchwork.kernel.org/patch/9919053/

Fix not yet upstream. If a system is already compromised to the point where the user can modify ACPI tables, anything is possible, and the user already has open access to the system. Will wait for the fix to be upstream before applying it, and won't apply to stable releases.

Comment 2 by groeck@chromium.org, Sep 26 2017

Cc: wonderfly@google.com
Labels: -M-63 M-65

Comment 4 by groeck@chromium.org, Dec 14 2017

Status: WontFix (was: ExternalDependency)
Proposed upstream patch rejected. Marking as WontFix.
